We’ve talked about security in the past, but we haven’t talked about passwords. Passwords are generally a good thing, especially if it’s a strong password. However, in many cases passwords only give the illusion of security.
This month we’re going to take a look at what makes a good password, when a password is going to protect you, and – most importantly – when a password may well let you down. Finally, we’ll give you tips on protecting data when passwords just don’t do the trick.
Let’s look at how to create a hard-to-guess password. We find all too many people take the easy road to password creation. You know who you are – you use the name of a spouse, a child, or a pet. Maybe you throw in a random number or two, but you need it to be easy to remember.
But a good password uses a mix of numbers, letters (upper and lower case) and special characters (@, $, !, etc.) where possible. Well, it can be easy to remember and still hard to guess. For example, I like classic rock, and one of my favorite bands is Led Zeppelin. I saw them in concert in 1976. So I might build my password like this: Pb (the chemical symbol for lead) 2ep (two looks like a “Z”) and the numbers 1976 giving me Pb2ep1976. If you can use special characters to replace letters, such as “@” for an “a” or “!” looks like an upside-down “I” if you think about it. Random capital letters ( seaTtle or fuNnY) are fun to play with as well. Keep in mind that even a good password needs to be changed frequently.
A great password is most helpful for protecting access to Web sites or remote access to networks or devices like cell phones or PDAs. Most Web sites with decent security will lock anyone (or anything) out after a few unsuccessful login attempts, PDAs, phones and similar gadgets usually don’t offer ways for people to get around passwords without destroying the data on the device.
So when is a great password really not so great? When someone is sitting in front of your computer. We had a customer who loved to build long passwords with random letters and numbers. One day he called, wondering what it would cost for us to hack into his computer. He was stunned when we had his computer up and running in less than ten minutes.
If we can’t sneak in through the back door, Safe Mode, we have a couple of programs we bought off the Internet for less than $50 each.
Sure, you can secure your computers so these tricks won’t work, but the bottom line is that if I have some time alone with your computer (imagine your laptop in a hotel room or your office PC stolen) I WILL get the data from your hard drive. It’s really a question of time and desire.
So how do you really protect your data on a laptop or desktop computer? The best way is to avoid keeping sensitive data on your computer. If you have a properly configured server, you can be pretty confident your data is secure if you store it there. You can also keep data on a flash drive (some of which can be encrypted), but these can get lost or damaged – we’ve put a couple of these through the laundry.
Did we say encryption? That may arguably be the best way to protect the data on your hard drive. Windows Visa Ultimate includes a program called BitLocker that will (for now) scramble your data so that only people with the correct key (password) can access it.
If you have another version of Windows a Google search for “windows data encryption” will give you more than 3.5 million options for encrypting your data. Most of this stuff is pretty good, but keep this in mind: if you lose the key or something goes sideways with the encryption program you may never be able to access your data.
The bottom line is that digital information and printed information have a lot in common. If you don’t lock it up, it can be stolen or copied. If you lock it, there’s almost certainly someone who can pick the lock.
If you lock it up good and tight and lose or damage the key, you may never get your data back. Use the best security you can, but always have a full and current backup of your data available.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.
